Skip to content

v1.0.6: NTLM hash support
Compare
Choose a tag to compare
@wneessen wneessen released this 09 Feb 16:19
· 13 commits to main since this release
v1.0.6
2e13557
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release introduces support for NTLM hashes in the PwnedPassAPI as announced by Troy Hunt.

To be able to generate NTLM hashes, we needed the ability to calculate MD4 hashes, as NTLM basically is calculated like this: MD4(UTF-16LE(pw)). For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that the module "only depends on Go stdlib".

A new Client option has been introduced: WithPwnedNTLMHash. If the client is initalized with this option, all generic methods (ListHashesPassword and CheckPassword) will operate on NTLM hashes.

Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: CheckNTLM and ListHashesNTLM

What's Changed

Full Changelog: v1.0.5...v1.0.6

Contributors

wneessen
Assets 2
Loading
0 Join discussion